Debian: New bidwatcher packages fix format string vulnerability

    Date18 Feb 2005
    CategoryDebian
    6185
    Posted ByJoe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 687-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    February 18th, 2005                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : bidwatcher
    Vulnerability  : format string
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0158
    
    Ulf Härnhammar from the Debian Security Audit Project discovered a
    format string vulnerability in bidwatcher, a tool for watching and
    bidding on eBay auctions.  This problem can be triggered remotely by a
    web server of eBay, or someone pretending to be eBay, sending certain
    data back.  As of version 1.3.17 the program uses cURL and is not
    vulnerable anymore.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.3.3-1woody1.
    
    For the unstable distribution (sid) this problem will be fixed soon.
    
    We recommend that you upgrade your bidwatcher package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.dsc
          Size/MD5 checksum:      637 2a65bc6cbed81466721793318948aed4
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.diff.gz
          Size/MD5 checksum:     3368 b36c63ae2e6a5c42bb13c506f980e1ba
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3.orig.tar.gz
          Size/MD5 checksum:   136679 2094c233fa21c80f65d5dce1bf4fb133
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_alpha.deb
          Size/MD5 checksum:    95574 dc1f1c5581af8526fe916ea0246fec8e
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_arm.deb
          Size/MD5 checksum:    85060 6dff37d2dbb68c869553b4008b47f7df
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_i386.deb
          Size/MD5 checksum:    82152 49d709d2f5a81dcfd8b462d60af5218b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_ia64.deb
          Size/MD5 checksum:   103978 874237be875f51817240c7ce79a96732
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_hppa.deb
          Size/MD5 checksum:   109292 b164a9dc42b40a2eda85896dfec8d310
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_m68k.deb
          Size/MD5 checksum:    79942 7d101eb867927c88d5ec2fd127494497
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mips.deb
          Size/MD5 checksum:    81562 f0f65a2f84feef4dc4afa5cb82126350
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mipsel.deb
          Size/MD5 checksum:    80606 1e2786878f126a90e26c6894d44f7d35
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_powerpc.deb
          Size/MD5 checksum:    81478 19128bd956597ed8ed7c6780b09ee15d
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_s390.deb
          Size/MD5 checksum:    80902 d4d892f6ffb796106bdcb09c8ed3181a
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_sparc.deb
          Size/MD5 checksum:    80802 d5882fbca7b6a7b2205a1fb8b5c76112
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.